Search This Blog

A new phishing attack targeting Office 365 business email users was found using Punycode to go undetected by both Microsoft’s default security and desktop email filters, Avanan security researchers warn.

The attack is meant to steal Office 365 credentials and abuses a vulnerability in how Office 365 anti-phishing and URL reputation security layers deal with Punycode. The attack starts with fake FedEX email that include benign looking URLs meant to take users to malicious website. See image below.

By using Punycode and leveraging said flaw in the phish-detection engine, the URL actually resolves to two different domains, one safe, which is detected by Office 365, and the other malicious, which is followed by the browser.

The underlining issue is that Office 365’s default security treats the domain as plain ASCII when verifying whether it is legitimate or not. Because all modern browsers support Unicode character, the address is translated to its Unicode format when launched in the browser. This address is malicious and presents users with a fake Office 365 login page in an attempt to steal user credentials.

How to protect against phishing email or spear phishing email intended for the big fish in our organization?

Do not click in any links asking you to reset your password. Make it as a habit, never click on a link from your email :)

Use Two-Factor Authentication. I highly recommend that you use Two-Factor authentication when available, for your bank accounts, social networks e.g. LinkedIn, Facebook, etc. (The Two-Factor authentication is not available to Kiosk Email user.)

The Phishing Email is the same old method used when a malicious person, asking you to change your bank account password, compromised bank accounts, deposited money on your bank, UPS delivery, social media accounts, free Redskins ticket, free Washington Wizards tickets, and many other variations of fake email. According to PhishMe, 91% of CyberAttacks start with a Phishing Email. The hacked incidents of high profile staff at DNC is through phishing emails. Using this method is cheap, hard to detect, and easy to deploy.

Security awareness of everyone is important to minimize our exposure.

What is the worst case scenario if you click on a “bait” links?

The malicious user will have access to your account. For example, your email, social media, banks account, etc.

Or The malicious user will have full control of your computer through “reverse shell” access. Where they can see all files, install a back-door program to get back in, use your webcam, use your computer as bot for DDOS attack, anything they want.

What to do if you accidentally click a “bait” links?

When you click on a “bait” link or a bad attachment, you think nothing happen and move on with your routine tasks. But the malicious code is already executed in the background, you will not notice it that’s how it is design. Don’t ignore this simple mistake, reboot your workstation right away, this will end the session initiated by clicking the bad link.

Scan your workstation using your anti-virus/anti-malware software.

Report to your immediate supervisor or post in our comment below. Our community is willing to help.

The Center for Development of Security Excellence (CDSE.edu) website provides a fun way to test your awareness against Phishing Scams. Go to http://www.cdse.edu/shorts/cybersecurity.html# website, check the Phishing Scams video “Phishing Scams Avoid the Bait” and have fun.

Comments

Post a Comment

Popular Posts

When you create a meeting schedule for number of days, you will see an error "This resource doesn't accept meetings longer than 1440 minutes". By default the mailbox or room was set for a maximum limit of 1440 minutes.

Here's how you can disable this limit.Login to the Office 365 Administration ConsoleIn Microsoft Office 365 Exchange, click on Manage.In Manage My Orgnization, click the drop down arrow, and click on Select on Another User. This will prompt you to select the mailbox or room to manage.Select a Mailbox or Room, click OK.In Option, click on Settings.In Scheduling Options, un-check the "Limit meeting duration", then click on Save.
That's all. You can now schedule a meeting or reserve a room for number of days.

Hope this help you.

If this helped you, please take the time to share this post by sharing using Google+, Facebook, Twitter, or LinkedIn

I've searched the Internet if someone successfully use the Office365 Microsoft Exchange Online without the use of TLS and SMTP Authentication. I found nothing, so I've decided to write this article so other administrators will benefit and save time. Hopefully give me credit of saving their precious time :)

Office365 (Microsoft Exchange Online) a cloud based email powered by Microsoft Exchange Server with running latest version. SMTP Authentication and TLS protocol are required for your printer to scan and email the result to your corporate intended recipients.

I've tested the SMTP Authentication and TLS settings using Toshiba eStudio printers, and works like a charm. It took a while to configure but it works. See the captured configuration.

I enabled SMTP Client with all certificate without CA, the SSL/TLS as STARTTLS (this is the key to make scan to email using Office365 to work).